CNNVD-202601-3358 Information

CNNVD ID

CNNVD-202601-3358

Related CVE

CVE-2025-68137

• CNNVD Published: 2026-01-21

Description (Chinese)

everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.10.0之前版本存在安全漏洞，该漏洞源于SdpPacket::parse_header函数中存在整数溢出，可能导致无限循环或栈缓冲区溢出。

Description (English)

Veverest-core is the main part of an electric vehicle charging software stack at the EVerest open source. There was a security loophole in the pre-everest-core 2025.10.0 version, which originated from the integer spill in the Sdppacket::parse header function, which could lead to an unlimited cycle or a flood of a fence.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

EVerest

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/EVerest/everest-core/security/advisories/GHSA-7qq4-q9r8-wc7w https://access.redhat.com/security/cve/cve-2025-68137

Patch

https://github.com/EVerest/everest-core